On 1/3/12 4:22 AM, ext Rigo Wenning wrote:
My aim as PAG chair is to conclude by March. The solution is still open. We
don't know yet whether the algorithms used by XML SIG or ENC really violate
the declared patents. We will hopefully know until then.
I'm still waiting for one response from MIT
On Wednesday 04 January 2012 09:19:51 Arthur Barstow wrote:
In case it isn't clear, I don't think anyone suggested the ECC stuff
should be deprecated. On the contrary, I think it makes sense for ECC
to be an algorithm for XMLDigSig1.1. However, some of us have advocated
the syntax be
On Thursday, 29 December 2011 at 16:22, Marcos Caceres wrote:
On Thursday, 29 December 2011 at 16:18, frederick.hir...@nokia.com
(mailto:frederick.hir...@nokia.com) wrote:
Marcos
My expectation is that we should have a PAG update on progress in the first
week of January
On 12/29/11 11:18 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Marcos
My expectation is that we should have a PAG update on progress in the first week of January
(hopefully) and a timeline like Rigo noted, with full resolution of the iPR issue by March - but
only the PAG chair knows the
No I am not.
Marcos took my email that expressed my hopes and turned it into a hard
deadline, which I do not agree with.
I suggest we let Rigo/Thomas continue this thread.
regards, Frederick
Frederick Hirsch
Nokia
On Jan 3, 2012, at 7:23 AM, Arthur Barstow wrote:
On 12/29/11 11:18 AM,
On Tuesday, 3 January 2012 at 13:07, frederick.hir...@nokia.com wrote:
No I am not.
Marcos took my email that expressed my hopes and turned it into a hard
deadline, which I do not agree with.
I'm also *hopeful* that it will be published sometime in March. If not, it's no
drama to
Hi all,
Frederick is innocent!
My aim as PAG chair is to conclude by March. The solution is still open. We
don't know yet whether the algorithms used by XML SIG or ENC really violate
the declared patents. We will hopefully know until then.
I'm still waiting for one response from MIT but
As I said before, this action is premature and we should let the PAG conclude
(or at least wait for a status report) - the W3C Team may have more to say, but
if this is on the order of weeks I do not think making work here to have
apparent progress is useful. I have not seen a definitive
Marcos
My expectation is that we should have a PAG update on progress in the first
week of January (hopefully) and a timeline like Rigo noted, with full
resolution of the iPR issue by March - but only the PAG chair knows the reality
since my expectations are as a customer of the PAG output. I
On Thursday, 29 December 2011 at 14:11, frederick.hir...@nokia.com wrote:
As I said before, this action is premature and we should let the PAG conclude
(or at least wait for a status report) - the W3C Team may have more to say,
but if this is on the order of weeks I do not think making
On Thursday, 29 December 2011 at 16:18, frederick.hir...@nokia.com wrote:
Marcos
My expectation is that we should have a PAG update on progress in the first
week of January (hopefully) and a timeline like Rigo noted, with full
resolution of the iPR issue by March - but only the PAG
As fun as this is, all this mud slinging is really not getting us anywhere
useful.
Lets go back an look at the options we have to divorce Widgets/XML Dig Sig
from Elliptic Curve:
1. Remove ECC from XML Dig Sig (in my opinion, the right thing to do™):
pros:
- frees both XML
TLR, FH, XMLSecWG,
On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
Lets go back an look at the options we have to divorce Widgets/XML Dig Sig
from Elliptic Curve:
1. Remove ECC from XML Dig Sig (in my opinion, the right thing to do™):
pros:
- frees both XML Dig Sig and Widgets
Hi Art,
the pessimistic XMLSECPAG chair told you that it wouldn't resolve within days.
But I hope to have a clear view and plan by the end of January. Executing that
plan may take some time. Plan is to resolve until end of March, if everything
goes well. Well meaning a decision of the PAG and
TL;DR: JC and Leonard are right.
Pointing to a moving target makes any statement about conformance pretty
much unusable in the real world. Which is significantly worse than having
a statement of conformance to something known to contain errors and bugs.
Browsers don't implement living
On 18/12/11 20:31 , Marcos Caceres wrote:
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that it
makes it DIFFICULT/IMPOSSIBLE to do validation of any product that claims
conformance to a standard – since
On Monday, December 19, 2011 at 8:55 AM, Jean-Claude Dufourd wrote:
On 18/12/11 20:31 , Marcos Caceres wrote:
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that
it makes it
Marcos
You are replying beside the point everywhere.
Please read again what Leonard wrote about undated references. Leonard
is right.
In ISO specs, undated references are forbidden. There is a team of
people (called ITTF) whose job includes checking these things and
bugging spec editors to
Jean-Claude,
On Monday, December 19, 2011 at 12:37 PM, Jean-Claude Dufourd wrote:
Marcos
You are replying beside the point everywhere.
Please read again what Leonard wrote about undated references. Leonard
is right.
I'm sorry, but Leonard is not correct: this is the W3C, not ISO.
+1 for Marcos' position. If the W3C performed compliance testing, then it
would perhaps be more appropriate to reference specific versions, at least
in a compliance test specification. However, the W3C has historically not
defined compliance test specifications or perform compliance testing of
conformance definitions are not compliance testing; i did not use the word
conformance;
there are (at least) four different, independent tasks here:
1. defining conformance specifications
2. defining compliance test specifications
3. performing certification (i.e., applying compliance
-webapps@w3.org
public-webapps@w3.orgmailto:public-webapps@w3.org,
public-xml...@w3.orgmailto:public-xml...@w3.org
public-xml...@w3.orgmailto:public-xml...@w3.org
Subject: Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
I think I have a better solution...
1. Widgets points
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that it
makes it DIFFICULT/IMPOSSIBLE to do validation of any product that claims
conformance to a standard – since it's impossible to determine which
On 12/18/11 2:31 PM, Marcos Caceres w...@marcosc.com wrote:
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that
it makes it DIFFICULT/IMPOSSIBLE to do validation of any product that
claims conformance to a
On Dec 18, 2011, at 8:49 PM, Leonard Rosenthol lrose...@adobe.com wrote:
On 12/18/11 2:31 PM, Marcos Caceres w...@marcosc.com wrote:
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that
it makes it
On 12/15/11 11:51 AM, ext Brian LaMacchia wrote:
Hello all,
Sorry for coming to this thread late (I'm on vacation) but I want to comment on
a number of points raised during this thread:
1) Concerning the suggestion to move ECDSA out of XMLDSIG 1.1, that suggestion
is a non-starter for
I think I have a better solution...
1. Widgets points to unversioned: http://www.w3.org/TR/xmldsig-core/
2. when XML dig sig pag finishes and spec goes to rec, XML Dig Sig 1.X (and
future versions) gets put at http://www.w3.org/TR/xmldsig-core/
3. Done.
That way widgets always just depend on
On Wednesday, December 14, 2011 at 10:31 PM, Marcos Caceres wrote:
On Wednesday, 14 December 2011 at 21:06, Rigo Wenning wrote:
Hi all,
as the PAG chair of this XMLSEC PAG, let me tell you that support from the
industry in sorting this out was low so far. What I heard through
Works for me, too.
--
Thomas Roessler, W3C t...@w3.org (@roessler)
On 2011-12-13, at 22:14 +0100, Philippe Le Hegaret wrote:
On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
Hi All,
The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
months now, blocked on
to divorce widgets-digsig from Elliptic Curve PAG?
Works for me, too.
--
Thomas Roessler, W3C t...@w3.org (@roessler)
On 2011-12-13, at 22:14 +0100, Philippe Le Hegaret wrote:
On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
Hi All,
The Widgets DigSig spec [W-DigSig] has been sitting
On Thursday, December 15, 2011 at 4:51 PM, Brian LaMacchia wrote:
Hello all,
Sorry for coming to this thread late (I'm on vacation) but I want to comment
on a number of points raised during this thread:
1) Concerning the suggestion to move ECDSA out of XMLDSIG 1.1, that
suggestion
On Thursday, December 15, 2011 at 4:51 PM, Brian LaMacchia wrote:
3) Widget-DSig's choice of RSA-4096 is particularly surprising given the
increased size of the signature verification cost relative to ECDSA-SHA256.
That's not going to be efficient to validate, especially not for
oops, wrong explain, instead see
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/explain.html 6.1, 6.2*,
6.3.1, 6.4.2 (e.g. move away from SHA-1)
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:00 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Art
I think switching
So what about option #2 below? -AB
On 12/14/11 2:00 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Art
I think switching the dependency to XML Signature 1.0 is a bad idea, noting
that 1.1 has fixed errors, and addressed security vulnerabilities, including
updates to algorithms (other than
I'm suggesting we let the XMLSec PAG conclude before taking that step (or
another possibility), but obviously that depends on the PAG timeline going
forward.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:08 PM, Arthur Barstow wrote:
So what about option #2 below? -AB
On Tuesday, December 13, 2011 at 9:14 PM, Philippe Le Hegaret wrote:
On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
An other one was for the Director to decide to move the document forward
anyway because W-DigSig doesn't depend on ECC.
Thomas, any suggestion?
I personally
this seems logical, in that any outcome for ECC (ranging from continued
inclusion to removal) would have no impact on widget signature given this lack
of specific dependency.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:12 PM, ext Marcos Caceres wrote:
On Tuesday,
This certainly WFM.
TLR, PLH - what needs to be done to make this happen?
-AB
On 12/14/11 2:21 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
this seems logical, in that any outcome for ECC (ranging from continued
inclusion to removal) would have no impact on widget signature given this
Hi all,
as the PAG chair of this XMLSEC PAG, let me tell you that support from the
industry in sorting this out was low so far. What I heard through the
grapevine was more or less: We know, but we can't tell you.
For the moment, W3C is asking for cost estimates to figure out what most of
On Wednesday, 14 December 2011 at 21:06, Rigo Wenning wrote:
Hi all,
as the PAG chair of this XMLSEC PAG, let me tell you that support from the
industry in sorting this out was low so far. What I heard through the
grapevine was more or less: We know, but we can't tell you.
For the
Hi All,
The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
months now, blocked on the Elliptic Curve PAG [ECC-PAG]. AFAICT, this
PAG has just started its unspecified length Fishing Expedition seeking
some unspecified level of funds to pay for some type of analysis that
will
On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
Hi All,
The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
months now, blocked on the Elliptic Curve PAG [ECC-PAG]. AFAICT, this
PAG has just started its unspecified length Fishing Expedition seeking
some
42 matches
Mail list logo